
Hacking Targets Via SSH




Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Due to this, SSH is widely used for remote connections to other systems, and is popular among many companies.

By default, SSH runs on port 22, but if your target has chosen to use another port, you will need to spend more time scanning ports to find the exact port number that is being used for SSH.

In this tutorial, we are going to use THC-Hydra/xHydra to hack into our target via SSH. Once Hydra has found the correct login credentials, we can log straight into our target.

First, we need to find which port the SSH service is running on. Let's check the default port: 22

To do this, we'll use nmap. Type: nmap <target IP> -p 22

[Image: 0.png]

As we have now confirmed the port number running the SSH service, we can move on to running a dictionary attack against our target.

Once we open up our terminal and type xhydra, the GUI for Hydra will appear.

Here we enter the IP address of our target, port number, and protocol.
single target = <targetip>
port = 0 (default) or the port number running SSH


[Image: 1.png]

On the passwords tab, we will add our dictionaries for our dictionary attack.
username list = list of usernames to try
password list = list of passwords to try

Additionally, we can choose to run Try login as password and Try reverse login.

[Image: 2.png]

Click on the Start tab, then click start.
Hydra is now running the dictionary attack against our target.

As you can see in the image below, Hydra has successfully found the login credentials for our target's SSH service.
[Image: 3.png]
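
Here is what this dictionary attack looks like from the target's side, as an added example that is not part of the original tutorial. It scans sshd log lines for a burst of failed passwords from one source followed by an accepted login; the log lines are constructed samples in OpenSSH's auth.log format, and the function name, source addresses and threshold are assumptions. It counts over the whole input rather than a time window.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to auth.log.
SAMPLE_LOG = """\
Mar  3 10:15:01 target sshd[2101]: Failed password for root from 192.168.1.50 port 40112 ssh2
Mar  3 10:15:01 target sshd[2102]: Failed password for invalid user admin from 192.168.1.50 port 40114 ssh2
Mar  3 10:15:02 target sshd[2103]: Failed password for msfadmin from 192.168.1.50 port 40116 ssh2
Mar  3 10:15:02 target sshd[2104]: Failed password for root from 192.168.1.50 port 40118 ssh2
Mar  3 10:15:03 target sshd[2105]: Failed password for invalid user admin from 192.168.1.50 port 40120 ssh2
Mar  3 10:15:03 target sshd[2106]: Accepted password for msfadmin from 192.168.1.50 port 40122 ssh2
Mar  3 10:20:10 target sshd[2110]: Failed password for alice from 192.168.1.10 port 51000 ssh2
Mar  3 10:20:15 target sshd[2111]: Accepted password for alice from 192.168.1.10 port 51002 ssh2
"""

# Matches both outcomes; "invalid user" appears when the account does not exist.
EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5):
    """Return {source_ip: report} for sources with >= threshold failed logins."""
    failures = defaultdict(int)         # ip -> failed password count
    users = defaultdict(set)            # ip -> usernames attempted
    success_after = defaultdict(list)   # ip -> accounts accepted after a burst
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, user, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif failures[ip] >= threshold:
            # A success straight after many failures suggests a guessed password.
            success_after[ip].append(user)
    return {
        ip: {"failed": n, "users_tried": sorted(users[ip]),
             "accepted_after_burst": success_after[ip]}
        for ip, n in failures.items() if n >= threshold
    }

if __name__ == "__main__":
    for ip, report in find_bruteforce(SAMPLE_LOG).items():
        print(ip, report)
```

Any account listed under accepted_after_burst should be treated as compromised: reset its password and review its sessions.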

We can use ssh in our terminal to log into our target, using the syntax:
ssh msfadmin@192.168.1.102 -p <port number>


[Image: 4.png]

Now we have access to our target via SSH. We can use cd and ls to move around the system and see what files and directories it contains.

[Image: 5.png]

For more commands, we can type help, which shows us all the available commands.

[Image: 6.png]